X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fuser.php;fp=include%2Fuser.php;h=f58293e888c63dda174ac90cb6f4d73b2aa8651b;hp=19b95440e32edfb4cb2f1e65c49d123873b34b63;hb=fca4b445ba9fd3ca6abdd7c08a59e25b817c537b;hpb=ecabf718a77ca979d16ef9d55f8db962fd3e814b

diff --git a/include/user.php b/include/user.php
index 19b9544..f58293e 100644
--- a/include/user.php
+++ b/include/user.php
@@ -67,7 +67,8 @@ if(myisset('forgot'))
 
 	    /* create temporary password, use the fist 8 letters of a md5 hash */
 	    $TIME  = (string) time(); /* to avoid collisions */
-	    $hash  = md5('Anewpassword'.$email.$TIME);
+	    $rndstring = sha1(rand()); /* add some randomness */
+	    $hash  = md5('Anewpassword'.$email.$TIME.$rndstring);
 	    $newpw = substr($hash,1,8);
 
 	    $message = sprintf( _("Someone (hopefully you) requested a new password.\n".